Use this command to enable a standard or detailed logging IPv6 access list rule entry.
| entry | Specifies a sequence numbered entry to log when a hit occurs. Valid values: 1 - 5000. Default value: all |
| implicit_permit_nd -na | Specifies the logging of a neighbor advertisement hit. |
| implicit_permit_nd -ns | Specifies the logging of a neighbor solicitation hit. |
| implicit_deny | Specifies the logging of an implicit deny rule hit. |
| all | Specifies that all hits are to be logged, including the final implicit deny. |
None.
Standard or extended IPv6 access list configuration.
You can also turn on logging for each access list permit or deny rule when you configure the access list entry, using either the log or log-verbose parameters. When turning on logging within an access list rule configuration, all hits for that rule will be logged. The log command allows for turning on logging after a rule has been configured. The logging behavior is based upon the entry or keyword specified. If logging is already turned on for a permit or deny rule, The log command access list entry for that rule is redundant.
Access list logging is throttled to 1 log message per second. If there are multiple access list rules with logging enabled (log or log-verbose), and more then one frame is transmitted per second that can hit those rules, only the first frame will generate a message. Logging is sampling and does not report every time that a rule with logging enabled is hit.
This example enters configuration mode for standard IPv6 access list acl2 and enables standard logging for a final implicit deny hit:
System(rw-config)->ipv6 access-list standard acl2 System(rw-cfg-ipv6-std-acl)->log implicit_deny System(rw-cfg-ipv6-std-acl)->
Print
this page
Email this topic
Feedback
View PDF
Download EPUB